yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-12-26 13:25:38 +00:00
Code Issues Packages Projects Releases Wiki Activity
16478 commits 88 branches 205 tags 69 MiB
Commit graph

5454 commits

Author SHA1 Message Date
Ron Eldor b6889d1d6a Fix test_suite_md API violation 
Add a call to `mbedtls_md_starts()` in the `mbedtls_md_process()`
test, as it violates the API usage. Fixes #2227.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-03-04 16:44:44 +00:00
Thomas Daubney 53a07dc924 Modifies data files to match new test function name 
This commit alters the relevant .data files
such that the new function name change of check_iv
to iv_len_validity is reflected there.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-03-02 16:54:41 +00:00
Thomas Daubney 755cb9bf4f Changes name of check_iv to iv_len_validity 
Commit changes name of check_iv to
iv_len_vlaidity as this seems to better describe
its functionality.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-03-02 16:49:38 +00:00
Thomas Daubney 7c4a486081 Initialise buffer before use 
Commit initialises buf before it is used.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-03-02 16:47:49 +00:00
Thomas Daubney ac72f9c213 Initialise iv buffer before use 
Commit initialises the iv buffer before
it ias passed to mbedtls_cipher_set_iv().

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-03-02 16:44:51 +00:00
Gilles Peskine df57835a76 Make mypy unconditional 
Running mypy was optional for a transition period when it wasn't installed
on the CI. Now that it is, make it mandatory, to avoid silently skipping an
expected check if mypy doesn't work for some reason.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-28 16:11:58 +01:00
Manuel Pégourié-Gonnard 4e921870b1
Merge pull request #5546 from SiliconLabs/mbedtls-2.28/feature/PSEC-3195-PSA-test-suites-NOT-using-UID-0 
Backport 2.28: feat: Update test_suite_psa_its to NOT use UID=0
 2022-02-17 11:49:41 +01:00
pespacek 55dfd8bb0a BUGFIX: PSA test vectors use UID 1 instead of 0. 
Test vector to test rejection of uid = 0 was added.

Signed-off-by: pespacek <peter.spacek@silabs.com>
 2022-02-16 15:48:40 +01:00
pespacek ecaca12612 TEST: added psa_its_set expected failure test 
Signed-off-by: pespacek <peter.spacek@silabs.com>
 2022-02-16 15:48:00 +01:00
Ronald Cron 8e1ca4df2e
Merge pull request #5459 from gilles-peskine-arm/check_test_cases-list-2.28 
Backport 2.28: check_test_cases.py --list
 2022-02-15 13:52:37 +01:00
Ronald Cron 97f188289d
Merge pull request #5502 from AndrzejKurek/backport-2-18-import-opaque-driver-wrappers 
Backport 2.28 - Add tests for an opaque import in the driver wrappers
 2022-02-07 11:14:02 +01:00
Manuel Pégourié-Gonnard 8b8760885e
Merge pull request #5465 from gilles-peskine-arm/cmake-test-suite-enumeration-2.28 
Backport 2.28: CMake: generate the list of test suites automatically
 2022-02-07 09:48:24 +01:00
Andrzej Kurek d0c6a84dca Test driver: keep variable declarations first 
Followed by hook calls, and sanity checks last.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-02-04 09:14:39 -05:00
Andrzej Kurek 28a7c06281 Test drivers: rename import call source to driver location 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-02-04 09:14:39 -05:00
Andrzej Kurek 981a0ceeee Formatting and documentation fixes 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-02-04 09:14:39 -05:00
Andrzej Kurek 96c8f9e89d Add tests for import hooks in the driver wrappers 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-02-04 09:14:39 -05:00
Gilles Peskine d4c5c3d231 Remove obsolete calls to if_build_succeeded 
This is now a no-op.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-04 00:37:49 +01:00
Gilles Peskine fdddb9de8f Remove obsolete variable restoration or unset at the end of a component 
This is no longer useful now that components run in a subshell.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-04 00:36:23 +01:00
Gilles Peskine 717d55edbe Remove obsolete cd at the end of a component 
This is no longer useful now that components run in a subshell.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-04 00:36:14 +01:00
Gilles Peskine ca9cfcaed9 Stop CMake out of source tests running on 16.04 (continued) 
The race condition mentioned in the previous commit
"Stop CMake out of source tests running on 16.04"
has also been observed with test_cmake_as_subdirectory on 3.1 and can
presumably happen on 2.28 as well. So skip it on Ubuntu 16.04 as well.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-04 00:35:14 +01:00
Manuel Pégourié-Gonnard 349a059f5f
Merge pull request #5461 from gilles-peskine-arm/ssl-opt-self-signed-positive-2.28 
Backport 2.28: Add positive test case with self-signed certificates
 2022-02-03 11:33:59 +01:00
Manuel Pégourié-Gonnard ca664c74a6
Merge pull request #5255 from AndrzejKurek/chacha-iv-len-16-fixes-2.x 
Backport 2.28: Return an error from `mbedtls_cipher_set_iv` for an invalid IV length with ChaCha20 and ChaCha20+Poly
 2022-02-03 11:31:34 +01:00
Andrzej Kurek 19d6ab0fb8 Enable testing with PSA for config-mini-tls1_1 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-27 11:01:24 -05:00
Andrzej Kurek 19e83fa3a5 Restructure test-ref-configs to test with USE_PSA_CRYPTO turned on 
Run some of the test configs twice, enabling MBEDTLS_USE_PSA_CRYPTO
and MBEDTLS_PSA_CRYPTO_C in one of the runs.
Add relevant comments in these configs.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-26 07:45:43 -05:00
Andrzej Kurek e001596d83 Add missing MBEDTLS_ASN1_WRITE_C dependency in test_suite_psa_crypto 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-26 07:45:43 -05:00
Andrzej Kurek c60cc1d7be Add missing dependency on MBEDTLS_GCM_C in cipher tests 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-26 07:45:43 -05:00
Andrzej Kurek 53ad763848 Mark unused variable in tests for cases with reduced configs 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-26 07:45:43 -05:00
Gilles Peskine 3df1dae6c0 CMake: generate the list of test suites automatically 
We keep forgetting to register new test suites in tests/CMakeLists.txt. To
fix this problem once and for all, remove the need for manual registration.

The following test suites were missing:
  test_suite_cipher.aria
  test_suite_psa_crypto_driver_wrappers

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-01-25 23:28:51 +01:00
Gilles Peskine 8c681b7290 Add positive test case with self-signed certificates 
Add a positive test case where both the client and the server require
authentication and both use a non-CA self-signed certificate.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-01-25 17:09:19 +01:00
Gilles Peskine efd696afb9 New option to list all test cases 
Occasionally useful for diagnosing issues with test reports.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-01-25 13:32:32 +01:00
Gilles Peskine 0c2f8ee3f0 Move collect_available_test_cases to check_test_cases.py 
No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-01-25 13:32:25 +01:00
Gilles Peskine 4ed2844405
Merge pull request #5312 from gilles-peskine-arm/add_list_config_function-2.x 
Backport 2.x: Add list config function
 2021-12-20 22:08:01 +01:00
Dave Rodgman d41dab39c5 Bump version to 2.28.0 
Executed ./scripts/bump_version.sh --version 2.28.0 --so-tls 14

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-12-15 11:55:31 +00:00
Dave Rodgman 08412e2a67 Merge remote-tracking branch 'restricted/development_2.x-restricted' into mbedtls-2.28.0rc0-pr 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-12-14 12:52:51 +00:00
Paul Elliott 5752b4b7d0 Add expected output for tests 
Expected output generated by OpenSSL (see below) apart from the case
where both password and salt are either NULL or zero length, as OpenSSL
does not support this. For these test cases we have had to use our own
output as that which is expected. Code to generate test cases is as
follows:

 #include <openssl/pkcs12.h>
 #include <openssl/evp.h>
 #include <string.h>

int Keygen_Uni( const char * test_name, unsigned char *pass, int
    passlen, unsigned char *salt,
                    int saltlen, int id, int iter, int n,
                                    unsigned char *out, const EVP_MD
                                    *md_type )
{
   size_t index;

   printf( "%s\n", test_name );

   int ret = PKCS12_key_gen_uni( pass, passlen, salt, saltlen, id, iter,
                                        n, out, md_type );

   if( ret != 1 )
   {
         printf( "Key generation returned %d\n", ret );
      }
   else
   {
         for( index = 0; index < n; ++index )
         {
                  printf( "%02x", out[index] );
               }

         printf( "\n" );
      }

   printf( "\n" );

}

int main(void)
{
   unsigned char out_buf[48];
   unsigned char pass[64];
   int pass_len;
   unsigned char salt[64];
   int salt_len;

   /* If ID=1, then the pseudorandom bits being produced are to be used
      as key material for performing encryption or decryption.

            If ID=2, then the pseudorandom bits being produced are to be
            used as an IV (Initial Value) for encryption or decryption.

                  If ID=3, then the pseudorandom bits being produced are
                  to be used as an integrity key for MACing.
                     */

   int id = 1;
   int iter = 3;

   memset( out_buf, 0, sizeof( out_buf ) );
   memset( pass, 0, sizeof( pass ) );
   memset( salt, 0, sizeof( salt ) );

   Keygen_Uni( "Zero length pass and salt", pass, 0, salt, 0, id, iter,
       sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );

   Keygen_Uni( "NULL pass and salt", NULL, 0, NULL, 0, id, iter,
       sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );

   salt[0] = 0x01;
   salt[1] = 0x23;
   salt[2] = 0x45;
   salt[3] = 0x67;
   salt[4] = 0x89;
   salt[5] = 0xab;
   salt[6] = 0xcd;
   salt[7] = 0xef;

   Keygen_Uni( "Zero length pass", pass, 0, salt, 8, id, iter,
       sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );

   Keygen_Uni( "NULL pass", NULL, 0, salt, 8, id, iter, sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );
   memset( salt, 0, sizeof( salt ) );

   pass[0] = 0x01;
   pass[1] = 0x23;
   pass[2] = 0x45;
   pass[3] = 0x67;
   pass[4] = 0x89;
   pass[5] = 0xab;
   pass[6] = 0xcd;
   pass[7] = 0xef;

   Keygen_Uni( "Zero length salt", pass, 8, salt, 0, id, iter,
       sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );

   Keygen_Uni( "NULL salt", pass, 8, NULL, 0, id, iter, sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );

   salt[0] = 0x01;
   salt[1] = 0x23;
   salt[2] = 0x45;
   salt[3] = 0x67;
   salt[4] = 0x89;
   salt[5] = 0xab;
   salt[6] = 0xcd;
   salt[7] = 0xef;

   Keygen_Uni( "Valid pass and salt", pass, 8, salt, 8, id, iter,
       sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   return 0;
}

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-13 11:15:28 +00:00
Paul Elliott 270a264b78 Simplify Input usage macros 
Also ensure they are used in test data rather than values

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-13 11:14:45 +00:00
Paul Elliott 73051b4176 Rename (and relabel) pkcs12 test case 
Remove surplus _test suffix. Change labeling from Pcks12 to PCKS#12 as
it should be.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-13 11:14:45 +00:00
Paul Elliott 8ca8f2d163 Remove incorrect test dependency 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-13 11:14:45 +00:00
Paul Elliott 2ab9a7a57a Stop CMake out of source tests running on 16.04 
Running the out of source CMake test on Ubuntu 16.04 using more than one
processor (as the CI does) can create a race condition whereby the build
fails to see a generated file, despite that file actually having been
generated. This problem appears to go away with 18.04 or newer, so make
the out of source tests not supported on Ubuntu 16.04

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-13 11:14:45 +00:00
Paul Elliott 1a3540afbe Fix missing test dependancies 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-13 11:14:45 +00:00
Paul Elliott 13d5a3429a Add PKCS12 tests 
Only regression tests for the empty password bugs for now. Further tests
will follow later.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-13 11:14:23 +00:00
Jerry Yu 969c01a234 Beauty source code 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 20:19:05 +01:00
Jerry Yu cf080ce821 fix ci fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 20:19:05 +01:00
Jerry Yu bbfa1d8c19 Replace configs_enabled check with query_compile_time_config 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 20:19:05 +01:00
Gilles Peskine 3fc0d30447 Don't fail until everything is initialized 
Can't call mbedtls_cipher_free(&invalid_ctx) in cleanup if
mbedtls_cipher_init(&invalid_ctx) hasn't been called.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-10 14:45:41 +01:00
Paul Elliott 68b64cd64c Add checked return to cipher setup 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-09 21:37:23 +00:00
Ronald Cron 620cbb9bf5
Merge pull request #5262 from xffbai/code-align-backport2.x 
Backport 2.x: Fix (d)tls1_2 into (d)tls12 in version options
 2021-12-09 16:26:24 +01:00
Manuel Pégourié-Gonnard c3319e73db
Merge pull request #5189 from gilles-peskine-arm/struct_reordering_2.x 
Backport 2.x: Reorder structure fields to maximize usage of immediate offset access
 2021-12-09 12:54:13 +01:00
Gabor Mezei f554ce21b8
Delete base64_invasive.h due to functions are moved to the constant-time module 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2021-12-08 16:20:27 +01:00
Gabor Mezei 46f79c388d
Move mbedtls_ct_uchar_mask_of_range function to the constant-time module 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2021-12-08 16:19:41 +01:00